author | Rotundo, Al (ar3165) <ar3165@att.com> | 2019-07-31 14:46:56 +0000 |
---|---|---|
committer | Timoney, Dan (dt5972) <dtimoney@att.com> | 2019-07-31 14:31:07 -0400 |
commit | 18dcbec3a5a99a57d0ef43a06a99c2ab17c2eed6 (patch) | |
tree | 39c938d972c6a3fefbb5c8350c2141fb8ee1e5eb /admportal/server/router/routes/network.js | |
parent | 33e9f85700d3ba17f95a69011d2d2932d4b98df0 (diff) |
Added new modules to help prevent Cross Site Request Forgery
Made changes to prevent arbitrary code execution on AdmPortal.
Issue-ID: OJSI-40
Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267
Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com>
Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04
Diffstat (limited to 'admportal/server/router/routes/network.js')
-rw-r--r-- | admportal/server/router/routes/network.js | 52 |
1 files changed, 45 insertions, 7 deletions
diff --git a/admportal/server/router/routes/network.js b/admportal/server/router/routes/network.js
index c64beae2..30aa66b2 100644
--- a/admportal/server/router/routes/network.js
+++ b/admportal/server/router/routes/network.js
@@ -20,12 +20,15 @@ var finalJson={};
var platform;
var req,res;
var preloadVersion; // 1607, 1610, etc...
+var proc_error = false;
+var filename;
puts = helpers.puts;
putd = helpers.putd;
network.go = function(lreq,lres,cb,dir) {
puts("Processing NETWORK workbook");
+ proc_error = false;
req = lreq;
res = lres;
callback = cb;
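Review bot: `proc_error` and `filename` are added as module-level variables next to the existing `req`, `res` and `callback`, so two uploads handled at the same time share one error flag and one output name. The CSV reads complete asynchronously (`helpers.readCsv` takes a completion function), so a second call to `network.go` can run `proc_error = false` while the first upload is still in flight and let a failed upload report success. Consider holding this state in a per-call object created inside `network.go` and passed down the chain, or at minimum document the assumption with a comment such as `// NOTE: module-level state; network.go must not be entered concurrently`. The body of `network.go` continues outside this hunk.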
@@ -49,7 +52,8 @@ function doGeneral() {
helpers.readCsv(indir, newFileName, gotGeneral);
}
else {
- callback(csvFilename + ' file is missing from upload.');
+ puts('general file is missing from upload.');
+ proc_error=true;
}
}
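Review bot: The `else` branch of `doGeneral` now only logs and sets `proc_error`; the `callback(...)` call was removed and nothing else is invoked, so as far as this hunk shows, a missing general file leaves the request with no response at all. `proc_error` is read only in `processJson`, which presumably runs once the CSV chain has finished, and that chain stops here. The sibling functions `doSubnets`, `doVpnBindings`, `doPolicies` and `doNetRoutes` keep the callback and add `return`; doing the same here with `callback(csvFilename + ' file is missing from upload.'); return;` would keep them consistent. The start of `doGeneral` is outside the hunk.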
@@ -57,8 +61,9 @@ function gotGeneral(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
- callback('General.csv file is missing from upload.');
- return;
+ proc_error=true;
+ callback('General.csv file is missing from upload.');
+ return;
}
csvGeneral = jsonObj;
puts("\nRead this: ");
@@ -77,7 +82,10 @@ function doSubnets() {
helpers.readCsv(indir, newFileName, gotSubnets);
}
else {
+ puts('subnets file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -85,6 +93,7 @@ function gotSubnets(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Subnets.csv file is missing from upload.');
return;
}
@@ -108,7 +117,10 @@ function doVpnBindings() {
helpers.readCsv(indir, newFileName, gotVpnBindings);
}
else {
+ puts('vnp-bindings file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
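Review bot: The added log string `'vnp-bindings file is missing from upload.'` misspells the file name, so a search of the logs for `vpn-bindings` will not find this failure. It should read `puts('vpn-bindings file is missing from upload.');`. The start of `doVpnBindings` is outside the hunk.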
@@ -116,6 +128,7 @@ function gotVpnBindings(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VPN-Bindings.csv file is missing from upload.');
return;
}
@@ -140,7 +153,10 @@ function doPolicies() {
helpers.readCsv(indir, newFileName, gotPolicies);
}
else {
+ puts('policies file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -148,6 +164,7 @@ function gotPolicies(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Policies.csv file is missing from upload.');
return;
}
@@ -178,7 +195,10 @@ function doNetRoutes() {
helpers.readCsv(indir, newFileName, gotNetRoutes);
}
else {
+ puts('network-routes file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -186,6 +206,7 @@ function gotNetRoutes(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Network-Routes.csv file is missing from upload.');
return;
}
@@ -218,6 +239,21 @@ function processJson() {
processPolicies();
processNetRoutes();
assembleJson();
+ outputJson();
+
+ puts('proc_error=');
+ putd(proc_error);
+ if ( proc_error ){
+ puts('callback with failure');
+ callback('Error was encountered processing upload.');
+ return;
+ }
+ else
+ {
+ puts('callback with success');
+ callback(null, finalJson, filename);
+ return;
+ }
}
// ASSEMBLE AND OUTPUT RESULTS
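Review bot: `outputJson()` is called before `proc_error` is checked, so a worksheet that failed validation is still serialised and handed to `helpers.writeOutput` before the failure is reported; one such case is the preload-version check in `processGeneral`, which after this commit only sets the flag and returns. Test the flag first: `if (proc_error) { callback('Error was encountered processing upload.'); return; }`, then `outputJson();` and `callback(null, finalJson, filename);`. The `process*` calls above also run to completion on partially filled data after an early failure, which deserves a comment if it is intentional. The start of `processJson` is outside the hunk.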
@@ -256,7 +292,7 @@ function assembleJson() {
finalJson = {"input": networkInput};
- outputJson();
+ //outputJson();
}
function outputJson() {
@@ -265,7 +301,7 @@ function outputJson() {
puts(JSON.stringify(finalJson,null,2));
puts("\n");
puts("\n");
- var unixTime, fullpath_filename, filename;
+ var unixTime, fullpath_filename;
unixTime = moment().unix();
if (platform=='portal') {
fullpath_filename = process.cwd() + "/uploads/" + unixTime + ".net_worksheet.json";
@@ -275,7 +311,7 @@ function outputJson() {
filename = "output.json." + unixTime;
}
helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);
- callback(null, finalJson, filename);
+ //callback(null, finalJson, filename);
}
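Review bot: `helpers.writeOutput` is still passed `callback` on the line above the commented-out call, while `processJson` now invokes `callback` itself as soon as `outputJson()` returns. If `writeOutput` calls its last argument on completion or on a write error (its implementation is not visible here), the caller's callback can fire twice for one upload, and a write failure would never reach `proc_error`. Consider passing `writeOutput` a local completion function that records the error and triggers the single final callback. The commented-out statements left by this commit (`//callback(null, finalJson, filename);` here, `//outputJson();` in `assembleJson`, and the one in `processGeneral`) should be deleted rather than kept as comments.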
@@ -288,7 +324,9 @@ function processGeneral() {
if ( (preloadVersion!='1607') && (preloadVersion!='1610') ) {
puts("\nError - incorrect version of preload worksheet.");
- callback('Error - incorrect version of preload worksheet.');
+ proc_error=true;
+ //callback('Error - incorrect version of preload worksheet.');
+ return;
}
rawJson['network-name'] = getParam(csvGeneral, 'field2', 'network-name', 'field3');